bpo-29613: Added support for SameSite cookies (GH-6413)

* bpo-29613: Added support for SameSite cookies

Implemented as per draft
https://tools.ietf.org/html/draft-west-first-party-cookies-07

* Documented SameSite

And suggestions by members.

* Missing space :(

* Updated News and contributors

* Added version changed details.

* Fix in documentation

* fix in documentation

* Clubbed test cases for same attribute into single.

* Updates

* Style nits + expand tests

* review feedback

1 files changed, 8 insertions, 0 deletions

diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst
index fb8317a..f3457a0 100644
--- a/Doc/library/http.cookies.rst
+++ b/Doc/library/http.cookies.rst
@@ -137,11 +137,16 @@ Morsel Objects
    * ``secure``
    * ``version``
    * ``httponly``
+   * ``samesite``
 
    The attribute :attr:`httponly` specifies that the cookie is only transferred
    in HTTP requests, and is not accessible through JavaScript. This is intended
    to mitigate some forms of cross-site scripting.
 
+   The attribute :attr:`samesite` specifies that the browser is not allowed to
+   send the cookie along with cross-site requests. This helps to mitigate CSRF
+   attacks. Valid values for this attribute are "Strict" and "Lax".
+
    The keys are case-insensitive and their default value is ``''``.
 
    .. versionchanged:: 3.5
@@ -153,6 +158,9 @@ Morsel Objects
       :attr:`~Morsel.coded_value` are read-only.  Use :meth:`~Morsel.set` for
       setting them.
 
+   .. versionchanged:: 3.8
+      Added support for the :attr:`samesite` attribute.
+
 
 .. attribute:: Morsel.value